Topic: Epic Review & Suggestions
I began using Epic Browser a week ago after reading an article about it on Slashdot. I spend a small part of each day keeping updated on the latest privacy and encryption news. Needless to say, the revelations of the past few months have made this more of a requirement than a hobby. I almost skipped over the Epic Browser announcement when I saw that it was based on Chromium code, having switched to Firefox primarily due to privacy concerns. Thankfully there were enough details on the website to convince me that the team had spent a significant amount of time securing Chromium in much the same way that I focus on Firefox using extensions and editing the configuration. I've been using it as my main browser since it was installed, and have been impressed with many of the customizations that have been implemented.
Things I Like
The amount of changes made. I came into this expecting a few popular chrome extensions replicated and nothing more. The more I use it, the more apparent it is to me that this is a serious effort from people passionate about security and privacy.
Not allowing people to accidentally worsen their security. Making the decision to disable extensions is a tough choice that I believe to be the right one. If you are able to replicate all of the security functions that extensions provide in Firefox, then the browser will be perfect for me. The only thing you might consider in the future is to white-list a few essential applications like Lastpass as long as they don't introduce any vulnerabilities.
So far, you seem to be making a substantial effort to answer questions in these forums. If you are able to incorporate the promised changes quickly, then this project will evolve nicely.
The program seems snappier than default chrome with privacy extensions installed.
The proxy is a great feature, though an option to disable it for those of us behind VPNs might be useful, even if the option is buried somewhere so regular users don't compromise their security.
Bult in search engine returns acceptable results.
Things That Need Improvement
Forced HTTPS when available. If there is one deal breaker in this browser for me, it is the lack of functionality that HTTPS-Everywhere provides. If you are not already working on this and plan on implementing a similar feature soon, I would strongly suggest allowing HTTPS-Everywhere to be white-listed as an available extension.
Having a portable version of your browser that can be installed on a USB drive would be a large step in making the software more secure.
Browser Fingerprinting is one of the greatest threats to our privacy even with users using a VPN service. Please work on obtaining a better score at Panopticlick. I understand that it's troublesome and there is not a standard way of fighting this, but making progress in this area is one of the most important things we need right now to maintain our privacy.
Remove features like "Sign into Epic through your Google account". This is a step backwards for a browser focused on privacy mode, as is the next point on this list...
Turn off "offer to save passwords" as a default option.
Begin implementing NoScript features. Since you are changing the code of Chromium and not just making another extension, you are in the best position to offer options that only Firefox was able to allow access to.
The web site mentions that on close, Epic clears all of your browsing data. Where is that data stored, on your hard drive? Would it be a better option to store it in ram? Have you considered overwriting the data with random information instead of just deleting it?
On the epicsearch results page, your logo and sidebar look greyed out. This is really distracting.
I don't know why your web site says "No Spell-Check." Is spell check a privacy issue somehow? Anyways, it seems to be working fine while typing this up.
What caused you to go from a browser customized for Indians to a privacy focused browser?
Since the original Epic was based on Firefox, what led to the decision to switch to Chromium?
What is your opinion on the current state of privacy online since all of these new revelations have surfaced recently?
Despite my criticisms, I am extremely impressed with your initial efforts and will be watching this project very closely!
Edit: Got HTTPS-Everywhere installed without a problem, I don't know if that's a good or bad thing.